If phishing scams are designed to trick people, why have so many of them traditionally looked so obvious?
For years, most phishing attacks were mass-produced. The same email, the same fake website and the same message were sent to thousands of people, hoping someone would eventually click.
That approach still exists today.
But it is starting to evolve.
Generative AI is changing the way phishing attacks can be created.
Instead of relying on one poorly written email or one obvious fake website, cyber criminals can now generate content that looks more polished, personalised and believable.
Security researchers have already demonstrated how AI could be used to create phishing pages that adapt to each visitor.
A person clicks a link and lands on a page that appears harmless. Once loaded, the page can use AI to generate content and assemble the scam directly inside the browser.
This means the wording, layout and code can all change each time.
Instead of one fake website for security tools to detect and block, the phishing page may not fully exist until someone opens it.
This type of phishing is not yet widespread, but the building blocks already exist.
AI is increasingly being used to:
The direction is clear. Phishing attacks are becoming smarter, faster and harder to identify.
That changes the risk for businesses.
Phishing is no longer just about spotting bad spelling, strange formatting or obvious mistakes. Future scams may look professional, familiar and completely legitimate.
For years, phishing awareness focused on teaching people to spot suspicious emails and avoid clicking the wrong link.
That still matters.
But modern protection needs to go further.
Businesses should focus on reducing the impact when mistakes happen, not just trying to prevent every click.
Protections such as multi-factor authentication, email filtering, endpoint protection, secure browsers and access controls all help reduce risk, even when a phishing page looks convincing.
Because eventually, someone will click something they should not.
The goal is to ensure one mistake does not become a major business incident.
Phishing is getting smarter, faster and harder to detect.
Businesses need to assume the next scam will look convincing and make sure their security does not rely on obvious warning signs alone.
At Perigon One, we help businesses reduce risk, improve visibility and strengthen protection against modern cyber threats.
Get in touch to review your defences.
